Manual Chapter : Managing Network Objects

Applies To:

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0

How do I manage the objects that reside on managed devices?

The workflows for creating a new object, or for changing the settings for objects that already reside on a managed device, are very similar. In each case, there are four tasks to perform.
This figure illustrates the workflow to manage the objects on BIG-IP devices. Changing the settings or creating the object is the second step in this process.
[Figure: Change managed object workflow]

Change a network object

You can make revisions to the configuration of Local Traffic objects to simplify managing your devices.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK.
  2. Under NETWORK, click the object type that you want to modify, such as Interfaces or VLANs.
    The screen displays a list of objects of that type that are defined on this BIG-IQ.
  3. Click the name of the object you want to change.
    The Properties screen for the selected object opens.
  4. Make changes to the properties that you want to modify.
  5. When you are satisfied with the changes you have made, click Save & Close.
    The revisions you saved are made, and the Properties screen for the selected object closes.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
To apply the pending version settings to the BIG-IP device, you next need to deploy the revisions.

Manage an interface

You can use the BIG-IQ Local Traffic component to enable or disable network interfaces on a managed device.
When you revise configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Interfaces.
    The screen displays the list of interfaces defined on this device.
    If you select the check box for an interface, you can either enable or disable it. You can also view details about other configuration objects to which this interface relates.
  2. Select the check box for the interface you want to change, and then click Enable or Disable.
    The State for the selected interface changes on the BIG-IQ.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this interface, you need to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a new route

You can use the BIG-IQ Local Traffic component to add a route to a managed device so you can better control the application traffic on that device.
When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Routes.
    The screen displays the list of routes defined on this device.
    If you select the check box for a route, you can delete it. You can also view details about other configuration objects to which this route relates.
  2. Click Create.
    The New Route screen opens.
  3. Type a Name for the route you are creating.
    For detailed information on the impact of using a particular route parameter value, refer to the BIG-IP TMOS: Routing Administration on support.F5.com.
  4. If the device for which you are creating this route is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. Type in a brief Description for the route you are creating.
  6. Select the Device on which to create the route.
  7. For Partition, type the name of the BIG-IP device partition on which you want to create the route.
    In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com.
  8. In the Destination/Mask field, type a self IP address and netmask for this route.
    These addresses display in the Destination and Netmask columns of the routing table.
    For example: 10.145.193.0/24
  9. Specify the Resource setting.
    • To use a gateway, select Use Gateway, and then from Gateway Address, choose either IP Address or IPv6 Link-Local Address. This is the method through which you want the BIG-IQ system to forward packets to the route destination.
    • To use a pool, select Use Pool, and then select the pool through which you want the BIG-IQ system to forward packets to the route destination.
    • To use a VLAN or tunnel, select Use VLAN/Tunnel, and then select the VLAN or tunnel through which you want the BIG-IQ system to forward packets to the route destination.
    • To reject packets forwarded to the route destination, select Reject.
  10. In the MTU field, type an optional frame size value for Path Maximum Transmission Unit (MTU).
    By default, BIG-IP devices use the standard Ethernet frame size of 1518 bytes (1522 bytes if VLAN tagging is used) with the corresponding MTU of 1500 bytes. For BIG-IP devices that support Jumbo Frames, you can specify another MTU value.
  11. Click Save & Close.
    The system creates the new route with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this route, you need to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a new self IP address

You can use the BIG-IQ Local Traffic component to add a self IP address to a managed device.  You can then associate that self IP address with a VLAN, to access hosts in that VLAN.
When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Self IPs.
    The screen displays the list of self IP addresses defined on this device.
    If you select the check box for a self IP, you can delete it. You can also view details about other configuration objects to which this self IP relates.
  2. Click Create.
    The New Self IP screen opens.
  3. Type a Name for the self IP address you are creating.
    For detailed information on the impact of using a particular self IP parameter value, refer to the Self IP Addresses chapter in the BIG-IP TMOS: Routing Administration guide on support.F5.com.
  4. If the device for which you are creating this self IP address is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. Select the Device on which to create the self IP address.
  6. For Partition, type the name of the BIG-IP device partition on which you want to create the self IP.
    In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com.
  7. In the IP Address field, type either an IPv4 or an IPv6 address.
    For an IPv4 address, you should specify a /32 IP address per RFC 3021.
  8. In the Netmask field, type the netmask for this self IP address. You must type the full netmask.
    Specifying the prefix length in bits is not supported. For example, you could type 255.255.255.255 or ffff:ffff:ffff:ffff:0000:0000:0000:0000 or ffff:ffff:ffff:ffff:: (with two colons at the end).
  9. For VLAN/Tunnel, select the VLAN or tunnel to associate with this self IP address.
    When you assign a VLAN to this self IP address, keep in mind that the self IP address and VLAN must use the same route domain. For example, if you assign self IP 10.0.0.0%20 (route domain with ID 20) to VLAN-1, you will not be able to assign VLAN-1 to any route domain except a route domain with ID 20.
  10. Specify the Port Lockdown.
    • Select Allow Default to activate only the default protocols and services. You can determine the supported protocols and services by logging in to the target BIG-IP device and running tmsh list net self-allow defaults on the command line.
    • Select Allow All to activate all TCP and UDP services on this self IP address.
    • Select Allow None to specify that this self IP address accepts no traffic. If you are using this self IP address as the local endpoint for WAN optimization, select this option to avoid potential port conflicts.
    • Select Allow Custom or Allow Custom (Include Default) to expand the Custom List setting, where you can specify the ports, protocols, and services to activate on this self IP address.
  11. Select a specific Traffic Group for the self IP address.
  12. Click Save & Close.
    The system creates the new self IP address with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this self IP address, you need to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.
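
The Netmask and Port Lockdown rules above can be checked before values are typed into the New Self IP screen. The following Python sketch is an added example, not F5 or BIG-IQ code: it converts a prefix length into the full netmask form the field requires, rejects netmask strings that are not full contiguous masks, and flags the Allow All lockdown choice for review. The function names and sample rows are hypothetical, and treating Allow All as a review item is an assumption of this example.

```python
import ipaddress

# Port Lockdown choices as they are named on the New Self IP screen.
PORT_LOCKDOWN = {
    "Allow Default", "Allow All", "Allow None",
    "Allow Custom", "Allow Custom (Include Default)",
}


def full_netmask(prefix_len, version):
    """Return the full netmask string for a prefix length (version 4 or 6)."""
    bits = 32 if version == 4 else 128
    if not 0 <= prefix_len <= bits:
        raise ValueError(f"prefix length {prefix_len} is out of range for IPv{version}")
    value = ((1 << prefix_len) - 1) << (bits - prefix_len)
    if version == 4:
        return str(ipaddress.IPv4Address(value))
    return ipaddress.IPv6Address(value).exploded


def netmask_prefix_len(netmask):
    """Return the prefix length of a full netmask, or None if it is not one."""
    if not isinstance(netmask, str):
        return None
    try:
        mask = ipaddress.ip_address(netmask)
    except ValueError:
        return None  # "24" or "/24": prefix lengths are not accepted by the field
    bits = mask.max_prefixlen
    inverted = ~int(mask) & ((1 << bits) - 1)
    if inverted & (inverted + 1):
        return None  # host bits are not one contiguous low-order run
    return bits - inverted.bit_length()


def review_self_ip(address, netmask, port_lockdown):
    """Return a list of findings for one planned self IP (empty list = clean)."""
    findings = []
    addr_text = address.partition("%")[0]  # drop a route domain suffix such as %20
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return [f"IP Address {address!r} is not a valid IPv4 or IPv6 address"]

    if netmask_prefix_len(netmask) is None:
        findings.append(f"Netmask {netmask!r} is not a full contiguous netmask")
    elif ipaddress.ip_address(netmask).version != addr.version:
        findings.append(f"Netmask {netmask!r} does not match IPv{addr.version} address")

    if port_lockdown not in PORT_LOCKDOWN:
        findings.append(f"Unknown Port Lockdown value {port_lockdown!r}")
    elif port_lockdown == "Allow All":
        # Assumption of this example: Allow All always gets a manual review.
        findings.append("Port Lockdown 'Allow All' activates all TCP and UDP "
                        "services on this self IP; confirm that is intended")
    return findings


# Constructed sample rows: (IP Address, Netmask, Port Lockdown).
SAMPLE_ROWS = [
    ("10.0.0.0%20", "255.255.255.255", "Allow Default"),
    ("10.1.20.5", "24", "Allow All"),
    ("2001:db8::5", full_netmask(64, 6), "Allow None"),
    ("192.0.2.7", "255.0.255.0", "Allow Custom"),
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(row, review_self_ip(*row) or "ok")
```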

Create a new trunk

Use this procedure to create a new trunk on a managed BIG-IP device.
  1. On the Main tab, click Network > Trunks.
    The Trunks screen opens.
  2. Click Create.
    The New Trunk screen opens.
  3. In the Name field, type in a unique name for the trunk you are creating.
  4. If the device for which you are creating this trunk is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. From the Device list, select the device on which to create the trunk.
  6. For Partition, type the name of the BIG-IP device partition on which you want to create the new trunk.
    In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com.
  7. Use the Move buttons (> and >) to control which Interfaces this trunk uses.
  8. From Link Select Policy, select the policy that this trunk uses to determine which member link (interface) handles new traffic.
  9. From Distribution Hash, select the basis for the hash that the system uses as the frame distribution algorithm. The system uses the resulting hash to determine which interface to use for forwarding traffic.
  10. Click Save & Close.
    The system creates the new trunk with the settings you specified.
After you perform these steps, each BIG-IP system configuration contains a VLAN of the same name that you can assign to an IPv6 self IP address.

Create a new route domain

You can use the BIG-IQ Local Traffic component to add a route domain to a managed device. Using route domains, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate route domain.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Route Domains.
    The screen displays the list of route domains defined on this device.
  2. Click Create.
    The New Route Domain screen opens.
  3. In the Name field, type in a unique name for the route you are creating.
  4. If the device for which you are creating this route domain is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. In the ID field, type an integer to represent the route domain.
    The integer must be unique on the BIG-IP device and be between 1 and 65534. The default value (0) indicates that all VLANs on a system pertain to this route domain. When you create new route domains, you can assign VLANs to those route domains which moves the VLANs out of the default route domain.
    When you assign a VLAN to a route domain, keep in mind that any self IP addresses that use that VLAN must use the same route domain. For example, if self IP 10.0.0.0%20 (route domain with ID 20) is assigned to VLAN-1, you cannot assign VLAN-1 to any route domain except a route domain with ID 20.
  6. In the Description field, type in a brief description for the route domain you are creating.
  7. From the Device list, select the device on which to create the route domain.
  8. For Partition, type the name of the BIG-IP device partition on which you want to create the route domain.
    In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com.
  9. Select Strict Isolation if you want to enforce cross-routing restrictions.
    When Enabled is selected, routes cannot cross route domain boundaries (so they are strictly isolated to the current route domain). The default is enabled. When this setting is disabled, routes can cross route domains. For example, you could add a route to the routing table with a 10.0.0.0%20 (route domain 20) destination and a gateway of 172.27.84.29%32 (route domain 32).
  10. To specify a VLAN or tunnel for the BIG-IP device to use in the route domain, select it in the Available list, and use the arrow to add it to the Selected list.
    A VLAN and tunnel can only be referenced by one route domain at a time, so if the VLAN or tunnel you select is currently referenced by another route domain, it will be removed from that route domain when you attach it to this route domain.
    Before removing a VLAN from a route domain, recall that every self IP address must use the same route domain as its VLAN, so make sure the VLAN is not already in use by a self IP address. For example, if a self IP address uses a VLAN named VLAN-2 and also uses the default route domain 0, do not remove VLAN-2 from route domain 0.
  11. Click Save & Close.
    The system creates the new route domain with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this route domain, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.
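
The route domain constraints in this procedure (ID range, one route domain per VLAN, self IP and VLAN in the same route domain, Strict Isolation for cross-domain routes) can be checked on a planned change set before it is staged. The following Python sketch is an added example, not F5 or BIG-IQ code; the data model, names and sample plan are hypothetical and constructed for illustration. The page does not say which domain's Strict Isolation setting governs a cross-domain route, so this example assumes the route is blocked if either domain has it enabled.

```python
from dataclasses import dataclass, field


def split_rd(address):
    """Split '10.0.0.0%20' into ('10.0.0.0', 20); no suffix means route domain 0."""
    host, sep, rest = address.partition("%")
    if not sep:
        return host.split("/")[0], 0
    return host, int(rest.split("/")[0])  # tolerate a trailing /mask after the ID


@dataclass
class RouteDomain:
    rd_id: int
    strict: bool = True  # Strict Isolation is enabled by default
    vlans: set = field(default_factory=set)


def check_plan(route_domains, self_ips, routes):
    """Return findings for a planned configuration (empty list = consistent).

    self_ips: {name: (address_with_optional_%rd, vlan_name)}
    routes:   {name: (destination_with_optional_%rd, gateway_with_optional_%rd)}
    """
    findings = []
    seen_ids = set()
    vlan_owner = {}

    for rd in route_domains:
        # 0 is the default route domain; new route domains use 1 to 65534.
        if not 0 <= rd.rd_id <= 65534:
            findings.append(f"route domain ID {rd.rd_id} is outside 0-65534")
        if rd.rd_id in seen_ids:
            findings.append(f"route domain ID {rd.rd_id} is not unique")
        seen_ids.add(rd.rd_id)
        for vlan in sorted(rd.vlans):
            if vlan in vlan_owner:
                findings.append(f"{vlan} is referenced by route domains "
                                f"{vlan_owner[vlan]} and {rd.rd_id}")
            else:
                vlan_owner[vlan] = rd.rd_id

    for name, (address, vlan) in sorted(self_ips.items()):
        rd_id = split_rd(address)[1]
        owner = vlan_owner.get(vlan, 0)  # unassigned VLANs stay in route domain 0
        if owner != rd_id:
            findings.append(f"self IP {name} ({address}) is in route domain "
                            f"{rd_id} but {vlan} is in route domain {owner}")

    strict = {rd.rd_id: rd.strict for rd in route_domains}
    for name, (dest, gateway) in sorted(routes.items()):
        d, g = split_rd(dest)[1], split_rd(gateway)[1]
        # Assumption: either domain having Strict Isolation blocks the route.
        if d != g and (strict.get(d, True) or strict.get(g, True)):
            findings.append(f"route {name} crosses route domains {d} -> {g} "
                            f"while Strict Isolation is enabled")
    return findings


# Constructed sample plan, reusing the addresses from the examples on this page.
DOMAINS = [
    RouteDomain(0, vlans={"VLAN-2"}),
    RouteDomain(20, strict=True, vlans={"VLAN-1"}),
    RouteDomain(32, strict=False, vlans={"VLAN-3"}),
]
SELF_IPS = {
    "self_a": ("10.0.0.0%20", "VLAN-1"),   # matches VLAN-1 in route domain 20
    "self_b": ("192.0.2.10", "VLAN-3"),    # route domain 0, but VLAN-3 is in 32
}
ROUTES = {"cross_rd": ("10.0.0.0%20", "172.27.84.29%32")}

if __name__ == "__main__":
    for finding in check_plan(DOMAINS, SELF_IPS, ROUTES):
        print(finding)
```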

Create a new VLAN

You can use the BIG-IQ Local Traffic component to add a VLAN to a managed device. Using VLANs, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate VLAN.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > VLANs.
    The screen displays the list of VLANs defined on this device.
  2. Click Create.
    The New VLAN screen opens.
  3. Type a unique Name for the VLAN you are creating.
    For detailed information on the impact of using a particular VLAN parameter value, refer to the VLANs VLAN Groups and VXLAN chapter in the BIG-IP TMOS: Routing Administration guide on support.F5.com.
  4. If the device for which you are creating this VLAN is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. Type a brief Description for the VLAN you are creating.
  6. Type a Tag number for the VLAN.
    The tag number can be between 1 and 4094, but must be unique on the target device. If you do not specify a value, the system automatically assigns a tag number.
  7. Select the Device on which to create the VLAN.
  8. For Partition, type the name of the BIG-IP device partition on which you want to create the VLAN.
  9. In the MTU field, specify the maximum transmission unit (MTU) for traffic on this VLAN.
    The default is 1500.
  10. To specify which interfaces this VLAN uses for traffic management, select one from the Interface list, and then select the Tagging for it.
    You can add more than one interface by clicking the Add + button.
  11. For the Hardware SYN Cookie Protection setting, select or clear the check box.
    When you enable this setting, the BIG-IP system triggers hardware SYN cookie protection for this VLAN.
    Enabling this setting causes additional settings to appear. These settings appear on specific BIG-IP platforms only.
  12. For the Syncache Threshold setting, retain the default value or change it to suit your needs.
    The Syncache Threshold value represents the number of outstanding SYN flood packets on the VLAN that will trigger the hardware SYN cookie protection feature.
    When the Hardware SYN Cookie setting is enabled, the BIG-IP system triggers SYN cookie protection in either of these cases, whichever occurs first:
    • The number of TCP half-open connections defined in the LTM setting Global SYN Check Threshold is reached.
    • The number of SYN flood packets defined in this Syncache Threshold setting is reached.
  13. For the SYN Flood Rate Limit setting, retain the default value or change it to suit your needs.
    The SYN Flood Rate Limit value represents the maximum number of SYN flood packets per second received on this VLAN before the BIG-IP system triggers hardware SYN cookie protection for the VLAN.
  14. For Auto Last Hop, select whether you want to designate the VLAN as the last hop for TMM traffic.
  15. For CMP Hash, select the traffic disaggregation criteria to use for this VLAN.
    The default value uses TCP/UDP source/destination ports.
  16. For DAG Tunnel, select how you want this VLAN to enable hardware-based disaggregation.
    This setting determines how the disaggregator (DAG) processes received packets that are encapsulated using one of the supported tunneling protocols (such as NVGRE, VXLAN, EtherIP, or IPIP). There are two options for DAG tunnel:
    • Inner disaggregates encapsulated packets based on the inner headers. Using the inner headers typically provides more information to the DAG, which allows for a better distribution of packets across TMM instances. If you select a value of Inner, you must also configure a bigdb variable to specify a port number before any associated tunnels can use the inner headers.
    • Outer uses the outer headers of encapsulated packets without inspecting the inner headers. This is the default value.
  17. For DAG Round Robin, select how you want this VLAN to prevent stateless traffic from overloading a few TMM instances, a condition that can disable an entire BIG-IP system.
    When enabled, this setting causes the BIG-IP system to load balance the traffic among TMMs evenly, instead of using a static hash. Stateless traffic in this case includes non-IP Layer 2 traffic, ICMP, some UDP protocols, and so on. This setting is disabled by default.
    This feature is particularly useful for firewall and Domain Name System (DNS) traffic. For example, this feature prevents certain types of DDoS attacks, such as an ICMP DDoS attack that can overload the system by sending the same packets repeatedly to a specific subset of TMMs.
    The disaggregation of traffic occurs only to TMMs that are local to a given high-speed bridge (HSB).
  18. For Fail-safe, select whether you want this BIG-IP to base redundant-system failover on VLAN-related events.
    When you enable this setting, BIG-IQ displays two additional controls.
    1. For Fail-safe Timeout, type the number of seconds you want the system to wait before failing.
    2. For Action, select the action that you want the BIG-IP to perform when the timeout period expires.
  19. If you want the BIG-IP to verify that the return path for an initial packet is through the same VLAN from which the packet originated, then for Source Check, select the Enabled check box.
    The system only enables source checking if the global setting Auto Last Hop is disabled.
  20. Specify the sFlow polling interval and sampling rate for this VLAN.
    1. For the Polling interval, either select default, or select Specify and type the number of seconds you want between each sFlow poll.
      The default interval between sFlow polls is 10 seconds.
    2. For the Sampling Rate, either select default, or select Specify and type the ratio of sFlow samples to observed packets.
      The default sampling rate is 2048, which means that the system randomly generates 1 sample for every 2048 packets observed.
  21. Click Save & Close.
    The system creates the new VLAN with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this VLAN, you need to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a VLAN group

Use this procedure to create a VLAN Group on your managed BIG-IP system in your configuration.
  1. On the Main tab, click Network > VLAN Groups.
    The VLAN Groups screen opens.
  2. Click Create.
    The New VLAN screen opens.
  3. Type a unique Name for the VLAN group you are creating.
  4. If the device for which you are creating this VLAN group is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. From the Device list, select the device on which to create the VLAN group.
    BIG-IQ lists the VLANs and tunnels that reside on the device you selected.
  6. Add the VLANs and tunnels you want to this group, then configure the remaining settings needed to suit the requirements for this VLAN group depending on how you plan to use it.
  7. Click Save & Close.
  8. Click Finished.
    The screen refreshes, and it displays the new VLAN Group in the list.
After you perform these steps, each BIG-IP system configuration contains a VLAN of the same name that you can assign to an IPv6 self IP address.

Create a new DNS resolver

You can use the BIG-IQ to add a DNS resolver to a managed device. Using DNS resolvers, you can assign the same IP address to more than one device on a network, as long as each instance of the IP address resides in a separate DNS resolver. When the BIG-IP system receives a query that cannot be resolved from the cache, the system forwards the query to a nameserver associated with the matching forward zone. When the nameserver returns a response, the BIG-IP system caches the response, and returns the response to the resolver making the query.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > DNS Resolvers.
    The screen displays the list of DNS resolvers defined on this device.
    If you select the check box for a DNS resolver, you can delete it. You can also view details about other configuration objects to which this DNS resolver relates.
  2. Click Create.
    The New DNS Resolver screen opens.
  3. Type a unique Name for the DNS resolver you are creating.
  4. If the device for which you are creating this DNS resolver is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.
    For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. For Partition, type the name of the BIG-IP device partition on which you want to create the DNS resolver.
    In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com.
  6. Select the Route Domain Name that this resolver uses for outbound traffic.
  7. To specify the Resolver properties, expand the Resolver area.
  8. For the Cache Size, type the size of the internal DNS resolver cache.
    The default is 5767168 bytes. After the cache reaches this size, when new or refreshed content arrives, the system removes expired and older content and caches the new or updated content.
  9. Select Answer Default Zones if you want the system to answer DNS queries for the default zones localhost, reverse, 127.0.0.1, ::1, and AS112.
    The default is disabled, meaning that the system passes along the DNS queries for the default zones.
  10. Select Randomize Query Character Case if you want the internal DNS resolver to randomize character case in domain name queries issued to the root DNS servers.
  11. To specify the Traffic properties, expand the Traffic area and select the format or formats for which you want the system to answer and issue queries.
  12. To specify a forward zone used to resolve matching DNS queries, expand the Forward Zones area and click Add.
    A popup screen opens.
    1. Type in a unique Name for the forward zone you are creating.
    2. Type an IP Address for the forward zone you are creating.
    3. In the Service Port field, type in the port number for the forward zone you are creating.
    4. Click the Add button next to the Service Port.
      The address and port combination is added to the Nameservers box.
    5. To add additional nameservers, repeat the last two sub-steps.
  13. When you are satisfied with the new forward zone, click the Add button.
    The popup screen closes and BIG-IQ adds the new zone.
  14. If you have specified forward zones, select the check boxes for the zones you want to use.
  15. When you are satisfied with the new DNS resolver, click Save & Close.
    The system creates the new DNS resolver with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
To pin this resolver to specific devices, click Configuration > LOCAL TRAFFIC > Pinning Policies.
For detail about how pinning works, refer to Managing Object Pinning on support.f5.com.
When you finish revising the settings for this DNS resolver, you need to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a new tunnel

You can use the BIG-IQ to add a tunnel to a managed device.
The tunnel Name, Device, and Tunnel Profile Reference are the only required properties when you create a tunnel. You can leave the remaining properties on this screen unchanged. These properties perform the same function as they do when you configure a tunnel on a BIG-IP device.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Tunnels.
    The screen displays the list of tunnels defined on this device.
  2. Click Create.
    The New Tunnel screen opens.
  3. Type a Name for this tunnel.
  4. If the device for which you are creating this tunnel is in a silo as part of a conflict resolution workflow, select that Silo here; otherwise, leave the default setting.
    For detailed workflows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. From the Device list, select the device on which you want to create this tunnel.
  6. Select the Tunnel Profile Reference from the list of tunnel profiles that reside on the device on which you are creating the tunnel.
    Additional fields display based on the profile you selected. These fields perform just as they do when you configure a tunnel on a BIG-IP. For details on what each field is used for and what the settings do, refer to the BIG-IP documentation on support.f5.com.
  7. Click Save & Close.
    The system creates the new tunnel with the settings you specified.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this tunnel, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a new tunnel profile

You can use the BIG-IQ to add a tunnel profile to a managed device.
The profile Name, Type, and Parent Profile are the only required properties when you create a tunnel profile. You can leave the remaining properties on this screen unchanged. These properties perform the same function as they do when you configure a profile on a BIG-IP device.
  1. At the top of the screen, click Configuration, then, on the left, click NETWORK > Tunnel Profiles.
    The screen displays the list of tunnel profiles defined on this device.
  2. Click Create.
    The New Tunnel Profile screen opens.
  3. Type a Name for this profile.
  4. If the device for which you are creating this tunnel profile is in a silo as part of a conflict resolution workflow, select that Silo here; otherwise, leave the default setting.
    For detailed workflows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.
  5. Select the Type of the tunnel profile you want to create.
    The Parent Profile setting displays the list of parent profiles that match your selection.
  6. From Parent Profile, select the parent profile from which you want your profile to inherit settings.
    A number of additional settings display, specifying the parameters associated with the parent profile you selected. There are two controls for each setting.
    • A check box controls whether you want to override the inherited value for that field.
    • A second control (type varies by field) sets the value you want for the parameter.
  7. For any settings you want to override, select the check box and then specify the value you want for the fields you selected.
    You can select Override All if you want to override all of the parent profile property values.
    When you override a parent profile property, future changes you make to this profile property in the parent profile will not be inherited by this child profile. So, selecting Override All effectively disconnects this profile from its parent.
  8. Click Save & Close.
    The system creates the new tunnel profile with the settings you specified. You can now attach this tunnel profile to a virtual server or use it as the Tunnel Profile Reference when you create a new tunnel.
  9. To pin this profile to specific devices, click Configuration > LOCAL TRAFFIC > Pinning Policies.
    For detail about how pinning works, refer to Managing Object Pinning on support.f5.com.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this tunnel profile, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.